Index
A
- about 5.8.1
- access control
- access control list (ACL) 6.5.1
- examples
- external network services
- about 6.2
- advantages 6.1
- affect of upgrade from earlier release 6.4
- email alert for audit violation tutorial 22.4.8.1
- finding information about 6.13
- network hosts, using wildcards to specify 6.8
- ORA-06512 error 6.12
- ORA-24247 error 6.12
- ORA-24247 errors 6.4
- order of precedence, hosts 6.9
- port ranges 6.10
- privilege assignments, about 6.11.1
- privilege assignments, database administrators checking 6.11.2
- privilege assignments, users checking 6.11.4
- revoking privileges 6.5.4
- wallet access
- about 6.3
- advantages 6.3
- client certificate credentials, using 6.6.1
- finding information about 6.13
- non-shared wallets 6.6.1
- password credentials 6.6.1
- password credentials, using 6.6.1
- revoking 6.6.5
- revoking access 6.6.5
- shared database session 6.6.1
- wallets without sensitive information 6.6.1
- wallets with sensitive information 6.6.1
- accounting, RADIUS 19.4.4
- account locking
- activating checksumming and encryption 13.6.1
- adapters 15.5
- ad hoc tools
- database access, security problems of 4.8.7.1
- ADM_PARALLEL_EXECUTE_TASK role
- about 4.8.2
- administrative privileges
- administrative user passwords
- default, importance of changing A.5
- administrative users
- auditing 22.2.6.1
- last successful login time 3.2.9.4
- locked or expired accounts 3.2.9.2
- mandatorily audited 23.1.2
- password complexity verification functions 3.2.9.8
- password files, managing 3.2.9.5
- password files, multitenant environment 3.2.9.7
- password management 3.2.9.1
- password profile limits 3.2.9.3
- administrator privileges
- ADMIN OPTION
- Advanced Encryption Standard (AES)
- about 13.1.2
- AES256 algorithm
- converting to in Oracle wallets F.5.2.7
- alerts, used in fine-grained audit policy 22.4.8.1
- ALTER ANY LIBRARY statement
- security guidelines A.3
- altering users 2.3.1
- ALTER PROCEDURE statement
- used for compiling procedures 4.13.4
- ALTER PROFILE statement
- password management 3.2.4.1
- ALTER RESOURCE COST statement 2.4.4.5, 2.4.4.6
- ALTER ROLE statement
- changing authorization method 4.8.3.5
- ALTER SESSION statement
- schema, setting current 8.9.1
- ALTER USER privilege 2.3.1
- ALTER USER statement
- anonymous 18.8.1.3.1
- ANSI operations
- Oracle Virtual Private Database affect on 10.5.3
- ANY system privilege
- guidelines for security A.6
- application common users
- about 2.2.1.1
- application containers
- application contexts 9.4.1
- See also: client session-based application contexts, database session-based application contexts, global application contexts
- about 9.1.1
- as secure data cache 9.1.4
- benefits of using 9.1.4
- bind variables 10.1.5
- components 9.1.2
- creating session based 9.3.3.2
- DBMS_SESSION.SET_CONTEXT procedure 9.3.4.7
- driving context 9.6
- editions, affect on 9.1.5
- finding errors by checking trace files 9.6
- finding information about 9.6
- global application contexts
- logon trigger, creating 9.3.5
- Oracle Virtual Private Database, used with 10.1.5
- performance 10.4.2.9
- policy groups, used in 10.3.7.1
- returning predicate 10.1.5
- session information, retrieving 9.3.4.2
- support for database links 9.3.10.1
- types 9.2
- users, nondatabase connections 9.4.2, 9.4.6.7
- where values are stored 9.1.3
- application developers
- CONNECT role change A.12.3.2
- applications
- about security policies for 8.1
- database users 8.2.1
- enhancing security with 4.8.1.3
- object privileges 8.10.1
- object privileges permitting SQL statements 8.10.2
- One Big Application User authentication
- Oracle Virtual Private Database, how it works with 10.5.4
- password handling, guidelines 8.3.1.2
- password protection strategies 8.3
- privileges, managing 8.5
- roles
- security 4.8.7, 8.2.2
- security considerations for use 8.2
- security limitations 10.5.4
- security policies 10.3.7.3
- validating with security policies 10.3.7.5
- application security
- application users who are database users
- Oracle Virtual Private Database, how it works with 10.5.9
- archiving
- ARIA encryption algorithm 13.1.3
- asynchronous authentication mode in RADIUS 19.3.2
- attacks
- See: security attacks
- AUDIT_ADMIN role 4.8.2
- AUDIT_VIEWER role 4.8.2
- audit files
- auditing 22.1
- See also: unified audit policies
- administrators, Database Vault 22.2.14.2
- audit options 22.1
- audit trail, sensitive data in A.11
- CDBs 21.9
- committed data A.11.2
- cursors, affect on auditing 23.1.3
- databases, when unavailable 23.1.6
- database user names 3.5
- Database Vault administrators 22.2.14.2
- distributed databases and 21.10
- DV_ADMIN role user 22.2.14.2
- DV_OWNER role user 22.2.14.2
- finding information about audit management 23.4
- finding information about usage 22.5
- fine-grained
- See fine-grained auditing 22.4.1
- functions 22.2.7.10
- functions, Oracle Virtual Private Database 22.2.7.12
- general steps
- general steps for 22.1
- guidelines for security A.11
- historical information A.11.2
- INHERIT PRIVILEGE privilege 5.5.8
- keeping information manageable A.11.1
- loading audit records to unified audit trail 23.1.6
- mandatory auditing 23.1.2
- multitier environments
- See standard auditing 22.2.9
- One Big Application User authentication, compromised by 8.2.1
- operating-system user names 3.5
- Oracle Virtual Private Database policy functions 22.2.7.12
- packages 22.2.7.10
- performance 21.3
- PL/SQL packages 22.2.7.10
- predefined policies
- general steps for using 22.1.2
- privileges required 21.8
- procedures 22.2.7.10
- purging records
- range of focus 22.1
- READ object privileges in policies 22.2.8.2
- READ privileges
- recommended settings A.11.5
- Sarbanes-Oxley Act
- auditing, meeting compliance through 21.1
- SELECT privileges
- sensitive data A.11.4
- suspicious activity A.11.3
- traditional 22.2.20.2
- triggers 22.2.7.10
- unified audit trail
- about 21.4
- VPD predicates
- when audit options take effect 23.1.1
- when records are created 23.1.1
- auditing, purging records
- about 23.3.1
- cancelling archive timestamp 23.3.5.4
- creating audit trail
- purge job 23.3.3.1
- creating the purge job 23.3.3.5
- DBMS_SCHEDULER package 23.3.3.1
- deleting a purge job 23.3.5.3
- disabling purge jobs 23.3.5.1
- enabling purge jobs 23.3.5.1
- general steps for 23.3.2
- purging audit trail manually 23.3.4.1
- roadmap 23.3.2
- scheduling the purge job 23.3.3.5
- setting archive timestamp 23.3.3.4
- time interval for named purge job 23.3.5.2
- audit policies 21.1
- See also: unified audit policies
- audit policies, application contexts
- audit records
- when written to OS files 23.1.5
- audit trail
- AUTHENTICATEDUSER role 4.8.2
- authentication 3.2.1, 15.5
- See also: passwords, proxy authentication
- about 3.1
- administrators
- by database 3.4
- by SSL 3.8.2.1
- client A.9.1
- client-to-middle tier process 3.12.1.8
- configuring multiple methods 20.3
- database administrators 3.3.1
- databases, using
- directory-based services 3.6.2.4
- directory service 3.8.2
- external authentication
- global authentication
- methods 15.4
- middle-tier authentication
- proxies, example 3.12.1.10
- modes in RADIUS 19.3
- multitier 3.10
- network authentication
- One Big Application User, compromised by 8.2.1
- operating system authentication 3.7.1
- operating system user in PDBs 3.7.1
- ORA-28040 errors 3.2.7.3
- PDBs 3.7.1
- proxy user authentication
- public key infrastructure 3.6.2.5
- RADIUS 3.6.2.3
- remote A.9.1
- specifying when creating a user 2.2.5
- strong A.5
- SYSDBA on Windows systems 3.3.3
- Windows native authentication 3.3.3
- AUTHENTICATION parameter C.2.2
- AUTHID DEFINER clause
- used with Oracle Virtual Private Database functions 10.1.4
- authorization
- automatic reparse
- Oracle Virtual Private Database, how it works with 10.5.5
C
- CAPTURE_ADMIN role 4.8.2
- cascading revokes 4.16.3
- catpvf.sql script (password complexity functions) 3.2.5.2
- CDB_DBA role 4.8.2
- CDB common users
- CDBs
- auditing, how affects 21.9
- auditing, traditional 22.2.20.2
- CBAC role grants with DELEGATE option 5.7.5
- common privilege grants 4.6.1
- granting privileges 4.6.4
- local privilege grants 4.6.1
- object privileges 4.6.3
- privilege management 4.6
- revoking privileges 4.6.4
- role management 4.7
- roles
- system privileges 4.6.2
- transparent sensitive data protection 11.5
- user accounts
- user privileges, how affects 4.3
- users
- viewing information about 4.6.6.1
- Virtual Private Database policies 10.1.6
- Center for Internet Security (CIS) 22.3.5
- certificate 18.4.2.2
- certificate authority 18.4.2.1
- certificate key algorithm
- Secure Sockets Layer A.9.3
- certificate revocation list (CRL)
- certificate revocation lists 18.4.2.3
- certificate revocation status checking
- certificates
- certificate validation error message
- challenge-response authentication in RADIUS 19.3.2
- change_on_install default password A.5
- character sets
- Cipher Block Chaining (CBC) mode, defined 13.1.2
- cipher suites
- about 18.8.1.3.1
- authentication methods 18.8.1.3.2
- data integrity 18.8.1.3.2
- encryption algorithms used by 18.8.1.3.2
- procedure for specifying for server 18.8.1.3.3
- Secure Sockets Layer A.9.3
- Secure Sockets Layer (SSL) C.2.4
- TLS compatibility 18.8.1.3.2
- Cipher Suites
- FIPS 140-2 settings E.3.2
- CLIENT_IDENTIFIER USERENV attribute 3.12.2.4
- See also: USERENV namespace
- client authentication in SSL 18.8.1.5
- client connections
- CLIENTID_OVERWRITE event 3.12.2.6
- client identifier
- setting for applications that use JDBC 3.12.2.5
- client identifiers 9.4.2
- See also: nondatabase users
- client session-based application contexts 9.5.1
- See also: application contexts
- code based access control (CBAC)
- column masking behavior 10.3.6.4
- columns
- command line recall attacks 8.3.1.1, 8.3.1.4
- committed data
- auditing A.11.2
- common privilege grants
- common roles
- common user accounts
- common users
- configuration
- guidelines for security A.8
- configuration files
- configuring
- connecting
- with username and password 20.1
- connection pooling
- CONNECT role
- CONTAINER_DATA objects
- viewing information about 4.6.6
- container database (CDB)
- See: CDBs
- container data objects
- about 4.6.6.1
- controlled step-in procedures 5.3
- CPU time limit 2.4.2.3
- CREATE ANY LIBRARY statement
- security guidelines A.3
- CREATE ANY PROCEDURE system privilege 4.13.3
- CREATE CONTEXT statement
- example 9.3.3.1
- CREATE PROCEDURE system privilege 4.13.3
- CREATE PROFILE statement
- CREATE ROLE statement
- IDENTIFIED EXTERNALLY option 4.8.4.3
- CREATE SCHEMA statement
- securing 8.9.1
- CREATE SESSION statement
- CREATE USER statement
- CRL 18.4.2.3
- CRLAdmins directory administrative group F.8.7
- CRLs
- cryptographic hardware devices 18.4.2.5
- cryptographic libraries
- FIPS 140-2 E.1
- CSW_USR_ROLE role 4.8.2
- CTXAPP role 4.8.2
- cursors
- CWM_USER role 4.8.2
D
- database administrators (DBAs)
- Database Configuration Assistant (DBCA)
- database links
- application contexts 9.3.4.6
- application context support 9.3.10.1
- authenticating with Kerberos 3.6.2.2
- authenticating with third-party services 3.6.2.1
- definer’s rights procedures 5.8.1
- global user authentication 3.8.3
- object privileges 4.10.1
- operating system accounts, care needed 3.5
- RADIUS not supported 19.1
- session-based application contexts, accessing 9.3.4.6
- databases
- access control
- password encryption 3.2.1
- additional security products 1.2
- authentication 3.4
- database user and application user 8.2.1
- default password security settings 3.2.4.5
- default security features, summary 1.1
- granting privileges 4.15
- granting roles 4.15
- limitations on usage 2.4.1
- security and schemas 8.9
- security embedded, advantages of 8.2.2
- security policies based on 10.1.2.1
- access control
- database session-based application contexts 9.3.1
- See also: application contexts
- about 9.3.1
- cleaning up after user exits 9.3.1
- components 9.3.2
- database links 9.3.4.6
- dynamic SQL 9.3.4.4
- externalized, using 9.3.12
- how to use 9.3
- initializing externally 9.3.10.1
- initializing globally 9.3.11.1
- ownership 9.3.3.1
- parallel queries 9.3.4.5
- PL/SQL package creation 9.3.4
- session information, setting 9.3.4.7
- SYS_CONTEXT function 9.3.4.2
- trusted procedure 9.1.2
- tutorial 9.3.9
- database upgrades and CONNECT role A.12.2.1
- data definition language (DDL)
- roles and privileges 4.8.1.9
- data dictionary
- data encryption and integrity parameters
- about B.3.1
- SQLNET.CRYPTO_CHECKSUM_CLIENT B.3.5
- SQLNET.CRYPTO_CHECKSUM_SERVER B.3.4
- SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT B.3.9
- SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER B.3.8
- SQLNET.ENCRYPTION_CLIENT B.3.3
- SQLNET.ENCRYPTION_SERVER B.3.2
- SQLNET.ENCRYPTION_TYPES_CLIENT B.3.7
- SQLNET.ENCRYPTION_TYPES_SERVER B.3.6
- Data Encryption Standard (DES)
- data files A.6
- guidelines for security A.6
- data manipulation language (DML)
- privileges controlling 4.11.1
- DATAPUMP_EXP_FULL_DATABASE role 4.8.2
- DATAPUMP_IMP_FULL_DATABASE role 4.8.2
- data security
- encryption, problems not solved by 12.1.3
- DBA_CONTAINER_DATA data dictionary view 4.6.6.1
- DBA_ROLE_PRIVS view
- application privileges, finding 8.6
- DBA_ROLES data dictionary view
- PUBLIC role 4.5.5
- DBA role
- about 4.8.2
- DBFS_ROLE role 4.8.2
- DBMS_CREDENTIAL.CREATE_CREDENTIAL procedure 8.4.4
- DBMS_CRYPTO package
- examples 12.5.1
- DBMS_CRYPTO PL/SQL package
- enabling for FIPS 140-2 E.2
- DBMS_FGA package
- DBMS_NETWORK_ACL_ADMIN.REMOVE_HOST_ACE procedure 6.5.4
- DBMS_RLS.ADD_POLICY
- DBMS_RLS.ADD_POLICY procedure
- transparent sensitive data protection polices 11.12.2
- DBMS_SESSION.SET_CONTEXT procedure
- DBMS_SESSION.SET_IDENTIFIER procedure
- DBMS_SESSION package
- DBSNMP user account
- password usage A.5
- DDL
- See: data definition language
- debugging
- default command rules
- ORA_DV_AUDPOL2 predefined audit policy for 22.3.8
- default passwords A.5
- default permissions A.6
- default profiles
- about 3.2.4.3
- default realms
- ORA_DV_AUDPOL2 predefined audit policy for 22.3.8
- default roles
- defaults
- default users
- definers’s rights, database links
- definer’s rights
- definer’s rights, database links
- grants of INHERIT ANY REMOTE PRIVILEGES 5.8.4
- grants of INHERIT ANY REMOTE PRIVILEGES on connected user to current user, example 5.8.3
- grants of INHERIT REMOTE PRIVILEGES to other users 5.8.2
- revokes of INHERIT [ANY] REMOTE PRIVILEGES 5.8.5
- revoking INHERIT REMOTE PRIVILEGES from PUBLIC, example 5.8.7
- revoking INHERIT REMOTE PRIVILEGES on connecting user from procedure owner, example 5.8.6
- tutorial 5.8.8.1
- denial of service (DoS) attacks
- denial-of-service (DoS) attacks
- Department of Defense Database Security Technical Implementation Guide 3.2.5.5, 3.2.5.6
- dictionary protection mechanism 4.5.2.2
- dictionary tables
- auditing 22.2.7.4
- Diffie-Hellman 18.8.1.3.1
- Diffie-Hellman key negotiation algorithm 13.5
- directories
- auditing 22.2.7.2
- directory authentication, configuring for SYSDBA or SYSOPER access 3.3.2.2
- directory-based services authentication 3.6.2.4
- directory objects
- granting EXECUTE privilege on 4.15.1.3
- direct path load
- fine-grained auditing effects on 22.4.1
- disabling unnecessary services
- FTP, TFTP, TELNET A.9.2
- dispatcher processes (Dnnn)
- limiting SGA space for each session 2.4.2.5
- distributed databases
- auditing and 21.10
- DML
- See: data manipulation language
- driving context 9.6
- DROP PROFILE statement
- example 2.4.4.6
- DROP ROLE statement
- DROP USER statement
- DVF schema
- ORA_DV_AUDPOL predefined audit policy for 22.3.7
- DVSYS schema
- ORA_DV_AUDPOL predefined audit policy for 22.3.7
- dynamic Oracle Virtual Private Database policy types 10.3.8.2
- DYNAMIC policy type 10.3.8.2
E
- ECB ciphertext encryption mode 12.4
- editions
- EJBCLIENT role 4.8.2
- EM_EXPRESS_ALL role 4.8.2
- EM_EXPRESS_BASIC role 4.8.2
- email alert example 22.4.8.1
- encryption
- access control 12.1.1
- BLOBS 12.2.6
- challenges 12.2
- data security, problems not solved by 12.1.3
- data transfer A.9.2
- deleted encrypted data A.6
- examples 12.5.1
- finding information about 12.6
- indexed data 12.2.1
- key generation 12.2.2
- keys, changing 12.2.5
- key storage 12.2.4.1
- key transmission 12.2.3
- malicious database administrators 12.1.2
- network encryption 13.6
- network traffic A.9.2
- problems not solved by 12.1
- Transparent Data Encryption 12.2.4.5
- transparent tablespace encryption 12.2.4.5
- encryption algorithms
- encryption and checksumming
- ENFORCE_CREDENTIAL configuration parameter
- security guideline A.10
- enterprise directory service 4.8.4.6
- enterprise roles 3.8.1, 4.8.4.6
- enterprise user management 8.2.1
- enterprise users
- Enterprise User Security
- error messages
- errors
- example 22.2.19.3
- examples 10.4
- See also: tutorials
- access control lists
- account locking 3.2.4.8
- auditing user SYS 22.2.5.5
- audit trail, purging unified trail 23.3.6
- data encryption
- directory objects, granting EXECUTE privilege on 4.15.1.3
- encrypting procedure 12.5.1
- Java code to read passwords 8.3.4
- locking an account with CREATE PROFILE 3.2.4.8
- login attempt grace period 3.2.4.14
- nondatabase user authentication 9.4.6.7
- O7_DICTIONARY_ACCESSIBILITY initialization parameter, setting 4.5.2.2
- passwords
- privileges
- procedure privileges affecting packages 4.13.5.2, 4.13.5.3
- profiles, assigning to user 2.2.9
- roles
- secure external password store 3.2.8.2
- session ID of user
- finding 2.5.2
- system privilege and role, granting 4.15.1.2
- tablespaces
- type creation 4.14.5
- users
- exceptions
- Exclusive Mode
- SHA-2 password hashing algorithm, enabling 3.2.7.2
- EXECUTE_CATALOG_ROLE role
- SYS schema objects, enabling access to 4.5.2.3
- EXECUTE ANY LIBRARY statement
- security guidelines A.3
- EXEMPT ACCESS POLICY privilege
- Oracle Virtual Private Database enforcements, exemption 10.5.7.2
- EXP_FULL_DATABASE role
- about 4.8.2
- expiring a password
- explicitly 3.2.4.14
- exporting data
- extended data objects
- views and Virtual Private Database 10.3.2
- external authentication
- external network services
- enabling listener for 6.5.2
- external network services, fine-grained access to
- See: access control list (ACL)
- external network services, syntax for 6.5.1
- external procedures
- external tables A.6
- extproc process
F
- failed login attempts
- fallback authentication, Kerberos 17.5
- Federal Information Processing Standard (FIPS)
- files
- fine-grained access control
- See: Oracle Virtual Private Database (VPD)
- fine-grained auditing
- about 22.4.1
- alerts, adding to policy 22.4.8.1
- archiving audit trail 23.2.2
- columns, specific 22.4.7.4.3
- DBMS_FGA package 22.4.7.1
- direct loads of data 22.4.1
- edition-based redefinitions 22.4.6
- editions, results in 9.4.6.2
- finding errors by checking trace files 22.5
- how audit records are generated 22.4.2
- how to use 22.4.1
- policies
- adding 22.4.7.4.1
- disabling 22.4.7.6
- dropping 22.4.7.8
- enabling 22.4.7.7
- modifying 22.4.7.4.1
- policy creation syntax 22.4.7.4.2
- privileges required 22.4.3
- records
- archiving 23.2.2
- transparent sensitive data protection policy settings 11.14.2
- TSDP policies and 11.14.1
- VPD predicates 22.4.4
- fips.ora file E.3.1
- FIPS 140-2 cryptographic libraries
- about E.1
- FIPS Parameter
- Configuring E.3
- firewalls
- flashback query
- Oracle Virtual Private Database, how it works with 10.5.6
- foreign keys
- privilege to use parent key 4.11.2
- FTP service A.9.2
- functions
G
- GATHER_SYSTEM_STATISTICS role 4.8.2
- GLOBAL_AQ_USER_ROLE role 4.8.2
- GLOBAL_EXTPROC_CREDENTIAL configuration parameter
- security guideline 8.4.5
- global application contexts 9.4.1
- See also: application contexts
- about 9.4.1
- authenticating nondatabase users 9.4.6.7
- checking values set globally for all users 9.4.6.5
- clearing values set globally for all users 9.4.6.5
- components 9.4.3
- editions, affect on 9.4.6.2
- example of authenticating nondatabase users 9.4.6.8
- example of authenticating user moving to different application 9.4.6.6
- example of setting values for all users 9.4.6.5
- Oracle RAC environment 9.4.4
- Oracle RAC instances 9.4.1
- ownership 9.4.5.1
- PL/SQL package creation 9.4.6.1
- process, lightweight users 9.4.9.2
- process, standard 9.4.9.1
- sharing values globally for all users 9.4.6.4
- system global area 9.4.1
- tutorial for client session IDs 9.4.8.1
- used for One Big Application User scenarios 10.5.9
- uses for 10.5.9
- global authentication
- global authorization
- global roles
- about 4.8.4.6
- global users 3.8.1
- GOST encryption algorithm 13.1.4
- grace period for login attempts
- example 3.2.4.14
- grace period for password expiration 3.2.4.14
- GRANT ALL PRIVILEGES statement
- SELECT ANY DICTIONARY privilege, exclusion of A.6
- GRANT ANY PRIVILEGE system privilege 4.5.4
- GRANT CONNECT THROUGH clause
- granting privileges and roles
- GRANT statement 4.15.1.1
- guidelines for security
- auditing A.11
- custom installation A.8
- data files and directories A.6
- encrypting sensitive data A.6
- guidelines for security
- custom installation A.8
- installation and configuration A.8
- networking security A.9
- operating system accounts, limiting privileges A.6
- operating system users, limiting number of A.6
- ORACLE_DATAPUMP access driver A.7
- Oracle home default permissions, disallowing modification A.6
- passwords A.5
- products and options
- install only as necessary A.8
- sample schemas A.8
- Sample Schemas
- Secure Sockets Layer
- symbolic links, restricting A.6
- user accounts and privileges A.3
I
- IMP_FULL_DATABASE role
- about 4.8.2
- INACTIVE_ACCOUNT_TIME profile parameter 3.2.4.6
- inactive user accounts, locking automatically 3.2.4.6
- indexed data
- encryption 12.2.1
- indirectly granted roles 4.8.1.2
- INHERIT ANY PRIVILEGES privilege
- INHERIT ANY REMOTE PRIVILEGES 5.8.1
- INHERIT PRIVILEGES privilege
- INHERIT REMOTE PRIVILEGES
- about 5.8.1
- initialization parameter file
- initialization parameters
- INSERT privilege
- installation
- guidelines for security A.8
- intruders
- See: security attacks
- invoker’s rights
- IP addresses
- falsifying A.9.2
J
- JAVA_ADMIN role 4.8.2
- JAVA_DEPLOY role 4.8.2
- JAVA_RESTRICT initialization parameter
- security guideline A.6
- Java Byte Code Obfuscation 14.5
- Java Database Connectivity (JDBC)
- JAVADEBUGPRIV role 4.8.2
- Java Debug Wire Protocol (JDWP)
- network access for debugging operations 6.12
- JAVAIDPRIV role 4.8.2
- Java schema objects
- auditing 22.2.7.2
- Java stored procedures
- network access for debugging operations 6.12
- JAVASYSPRIV role 4.8.2
- JAVAUSERPRIV role 4.8.2
- JDBC
- See: Java Database Connectivity
- JDBC connections
- JDeveloper
- debugging using Java Debug Wire Protocol 6.12
- JMXSERVER role 4.8.2
K
- Kerberos 15.4.1
- authentication adapter utilities 17.2
- authentication fallback behavior 17.5
- configuring authentication 17.1, 17.1.6.1
- configuring for database server 17.1.2
- configuring for Windows 2008 Domain Controller KDC 17.4
- connecting to database 17.3
- interoperability with Windows 2008 Domain Controller KDC 17.4.1
- kinstance 17.1.2
- kservice 17.1.2
- realm 17.1.2
- sqlnet.ora file sample B.2
- system requirements 15.6
- Kerberos authentication 3.6.2.2
- Kerberos Key Distribution Center (KDC) 17.4
- key generation
- encryption 12.2.2
- key storage
- encryption 12.2.4.1
- key transmission
- encryption 12.2.3
- kinstance (Kerberos) 17.1.2
- kservice (Kerberos) 17.1.2
L
- LBAC_DBA role 4.8.2
- LBACSYS.ORA_GET_AUDITED_LABEL function
- about 22.2.15.9
- LBACSYS schema
- ORA_DV_AUDPOL predefined audit policy for 22.3.7
- ldap.ora
- which directory SSL port to use for no authentication 18.11.5.4
- least privilege principle A.3
- libraries
- auditing 22.2.7.2
- lightweight users
- listener
- listener.ora file
- lists data dictionary
- See: views
- local privilege grants
- local roles
- local user accounts
- creating 2.2.10.3
- local users
- about 2.2.1.3
- lock and expire
- locking inactive user accounts automatically 3.2.4.6
- log files
- owned by trusted user A.6
- logical reads limit 2.4.2.4
- logon triggers
- LOGSTDBY_ADMINISTRATOR role 4.8.2
M
- malicious database administrators 12.1.2
- See also: security attacks
- manager default password A.5
- managing roles with RADIUS server 19.4.8
- materialized views
- auditing 22.2.7.2
- MD5 message digest algorithm 13.4
- memory
- users, viewing 2.6.5
- MERGE INTO statement, affected by DBMS_RLS.ADD_POLICY statement_types parameter 10.3.4
- metadata links
- privilege management 4.10.6.1
- methods
- privileges on 4.14
- Microsoft Windows
- Kerberos
- configuring for Windows 2008 Domain Controller KDC 17.4
- Kerberos
- middle-tier systems
- client identifiers 3.12.2.2
- enterprise user connections 3.12.1.14
- password-based proxy authentication 3.12.1.13
- privileges, limiting 3.12.1.9
- proxies authenticating users 3.12.1.10
- proxying but not authenticating users 3.12.1.11
- reauthenticating user to database 3.12.1.12
- USERENV namespace attributes, accessing 9.3.10.5
- mining models
- auditing 22.2.7.2
- mixed mode auditing capabilities 21.7.4
- monitoring user actions 21.1
- See also: auditing, standard auditing, fine-grained auditing
- multiplex multiple-client network sessions A.9.2
- multitenant container database (CDB)
- See: CDBs
- My Oracle Support
- security patches, downloading A.2.1
N
- native network encryption
- compared with Transport Layer Security 13.1.7
- native network enryption
- disabling 20.2
- nCipher hardware security module
- using Oracle Net tracing to troubleshoot 18.12.4.1
- Net8
- See: Oracle Net
- Netscape Communications Corporation 18.1
- network authentication
- network connections
- network encryption
- network IP addresses
- guidelines for security A.9.2
- network traffic encryption A.9.2
- nondatabase users 9.4.2
- See also: application contexts, client identifiers
O
- O7_DICTIONARY_ACCESSIBILITY initialization parameter
- obfuscation 14.5
- object privileges 4.10.1, A.3
- See also: schema object privileges
- objects
- object types
- auditing 22.2.7.2
- OEM_ADVISOR role 4.8.2
- OEM_MONITOR role 4.8.2
- OFB ciphertext encryption mode 12.4
- okcreate
- Kerberos adapter utility 17.2
- okcreate options 17.2.4
- okdstry
- Kerberos adapter utility 17.2
- okdstry options 17.2.3
- okinit
- Kerberos adapter utility 17.2
- okinit utility options 17.2.1
- oklist
- Kerberos adapter utility 17.2
- OLAP_DBA role 4.8.2
- OLAP_USER role 4.8.2
- OLAP_XS_ADMIN role 4.8.2
- One Big Application User authentication
- See: nondatabase users
- operating system
- audit files written to 23.1.5
- operating systems 3.7.1
- operating system users
- configuring for PDBs 3.7.2
- OPTIMIZER_PROCESSING_RATE role 4.8.2
- ORA_ACCOUNT_MGMT predefined unified audit policy 22.3.4
- ORA_CIS_RECOMMENDATIONS predefined unified audit policy 22.3.5
- ORA_DATABASE_PARAMETER predefined unified audit policy 22.3.3
- ORA_DV_AUDPOL2 predefined unified audit policy 22.3.8
- ORA_DV_AUDPOL predefined unified audit policy 22.3.7
- ORA_LOGON_FAILURES predefined unified audit policy 22.3.1
- ORA_SECURECONFIG predefined unified audit policy 22.3.2
- ORA_STIG_PROFILE profile 3.2.5.5
- ORA-01720 error 4.12.1
- ORA-01994 2.3.4.1
- ORA-06512 error 6.12, 22.4.8.6
- ORA-06598 error 5.5.2
- ORA-12650 error B.3.7
- ORA-1536 error 2.2.7.3
- ORA-24247 error 6.4, 6.12, 22.4.8.6
- ORA-28009 error 4.5.2.2
- ORA-28017 error 2.3.4.1
- ORA-28040 error 3.2.7.3, 3.4.1
- ORA-28046 error 2.3.4.1
- ORA-28575 error 8.4.3
- ORA-40300 error 18.12.4.2
- ORA-40301 error 18.12.4.2
- ORA-40302 error 18.12.4.2
- ORA-45622 errors 11.6.6.2
- ORACLE_DATAPUMP access driver
- guidelines for security A.7
- Oracle Advanced Security
- Oracle Call Interface (OCI)
- Oracle Connection Manager
- securing client networks with A.9.2
- Oracle Database Enterprise User Security
- password security threats 3.2.7.1
- Oracle Database Real Application Clusters
- Oracle Database Real Application Security
- Oracle Database Vault
- auditing 22.2.14
- command rules, audit events 22.2.14.6
- Data Pump, audit events 22.2.14.10
- enable and disable, audit events 22.2.14.11
- factors, audit events 22.2.14.7
- OLS, audit events 22.2.14.9
- realms, audit events 22.2.14.4
- rule sets and rules, audit events 22.2.14.5
- secure application roles, audit events 22.2.14.8
- Oracle Data Guard
- SYSDG administrative privilege 4.4.5
- Oracle Data Mining
- audit events 22.2.16.2
- Oracle Data Pump
- Oracle Developer Tools For Visual Studio (ODT)
- debugging using Java Debug Wire Protocol 6.12
- Oracle Enterprise Manager
- Oracle Enterprise Security Manager
- role management with 3.6.2.4
- Oracle home
- default permissions, disallowing modification A.6
- Oracle Internet Directory
- Diffie-Hellman SSL port 18.11.5.4
- Oracle Internet Directory (OID)
- Oracle Java Virtual Machine
- JAVA_RESTRICT initialization parameter security guideline A.6
- Oracle Java Virtual Machine (OJVM)
- permissions, restricting A.3
- Oracle Label Security
- Oracle Label Security (OLS)
- Oracle Virtual Private Database, using with 10.5.7.1
- OracleMetaLink
- See: My Oracle Support
- Oracle Net
- firewall support A.9.2
- Oracle parameters
- authentication 20.4
- Oracle Password Protocol 14.4
- Oracle RAC
- Secure Sockets Layer 18.9.1
- Oracle Real Application Clusters
- Oracle Real Application Security
- auditing internal predicates in policies 22.2.7.11
- Oracle Recovery Manager
- Oracle SQL*Loader
- Direct Load Path audit events 22.2.18.2
- Oracle Technology Network
- security alerts A.2.1
- Oracle Virtual Private Database
- Oracle Virtual Private Database (VPD)
- about 10.1.1
- ANSI operations 10.5.3
- application contexts
- applications
- applications using for security 8.2.2
- automatic reparsing, how it works with 10.5.5
- benefits 10.1.2
- CDBs 10.1.6
- column level 10.3.6.1
- column-level display 10.3.6.1
- column masking behavior
- components 10.2
- configuring 10.3
- cursors, shared 10.1.5
- edition-based redefinitions 10.5.1
- editions, results in 9.4.6.2
- Enterprise User Security proxy authentication, how it works with 10.5.9
- exporting data 10.5.7.2
- extended data objects in views 10.3.2
- finding information about 10.6
- flashback query, how it works with 10.5.6
- function
- JDBC proxy authentication, how it works with 10.5.9
- nondatabase user applications, how works with 10.5.9
- OCI proxy authentication, how it works with 10.5.9
- Oracle Label Security
- outer join operations 10.5.3
- performance benefit 10.1.2.2
- policies, Oracle Virtual Private Database
- policy groups
- policy types
- context sensitive, about 10.3.8.8
- context sensitive, altering existing policy 10.3.8.11
- context-sensitive, audited 22.2.7.12
- context sensitive, creating 10.3.8.9
- context sensitive, refreshing 10.3.8.10
- context sensitive, restricting evaluation 10.3.8.8
- context sensitive, when to use 10.3.8.13
- DYNAMIC 10.3.8.2
- dynamic, audited 22.2.7.12
- shared context sensitive, about 10.3.8.12
- shared context sensitive, when to use 10.3.8.13
- shared static, about 10.3.8.6
- shared static, when to use 10.3.8.7
- static, about 10.3.8.4
- static, audited 22.2.7.12
- static, when to use 10.3.8.7
- summary of features 10.3.8.14
- privileges required to create policies 10.1.3
- SELECT FOR UPDATE statements in policies 10.5.2
- tutorial, simple 10.4.1.1
- user models 10.5.9
- Web-based applications, how it works with 10.5.9
- Oracle Virtual Private Datebase (VPD)
- Oracle Wallet Manager
- X.509 Version 3 certificates 3.6.2.5
- Oracle wallets
- orapki utility
- about F.1
- adding a certificate request to a wallet with F.5.3.1
- adding a root certificate to a wallet with F.5.3.2
- adding a trusted certificate to a wallet with F.5.3.2
- adding user certificates to a wallet with F.5.3.4
- cert create command F.8.1
- cert display command F.8.2
- certificate revocation lists 18.11.5.1
- changing the wallet password with F.5.2.6
- converting wallet to use AES256 algorithm F.5.2.7
- creating a local auto-login wallet with F.5.2.4
- creating an auto-login wallet with F.5.2.2, F.5.2.3
- creating a wallet with F.5.2.1
- creating signed certificates for testing F.3
- crl delete command F.8.3
- crl display command F.8.4
- crl hash command F.8.5
- crl list command F.8.6
- crl upload command F.8.7
- examples F.7
- exporting a certificate from a wallet with F.5.4
- exporting a certificate request from a wallet with F.5.4
- managing certificate revocation lists F.6
- syntax F.2
- viewing a test certificate with F.4
- viewing a wallet with F.5.2.5
- wallet add command F.8.8
- wallet convert command F.8.9
- wallet create command F.8.10
- wallet display command F.8.11
- wallet export command F.8.12
- ORAPWD utility
- ORDADMIN role 4.8.2
- OS_AUTHENT_PREFIX parameter 20.4.2
- OS_ROLES initialization parameter
- OSS.SOURCE.MY_WALLET parameter 18.8.1.2, 18.8.2.3
- outer join operations
- Oracle Virtual Private Database affect on 10.5.3
P
- packages
- parallel execution servers 9.3.4.5
- parallel query, and SYS_CONTEXT 9.3.4.5
- parameters
- pass phrase
- read and parse server.key file A.9.3
- PASSWORD_LIFE_TIME profile parameter 3.2.4.11
- PASSWORD_LOCK_TIME profile parameter 3.2.4.7
- PASSWORD_REUSE_MAX profile parameter 3.2.4.10
- PASSWORD_REUSE_TIME profile parameter 3.2.4.10
- PASSWORD command
- about 2.3.3.2
- password complexity functions
- password files
- password limits
- administrative logins 3.3.4
- password management
- inactive user accounts, locking automatically 3.2.4.6
- passwords 3.2.1
- See also: authentication, and access control list (ACL), wallet access
- 10G password version, finding and resetting 3.2.6.5
- about managing 3.2.4.1
- account locking 3.2.4.7
- administrator
- aging and expiration 3.2.4.11
- altering 2.3.3.1
- ALTER PROFILE statement 3.2.4.1
- application design guidelines 8.3.1.2
- applications, strategies for protecting passwords 8.3
- brute force attacks 3.2.1
- case sensitivity, configuring 3.2.6.1
- changing for roles 4.8.3.5
- changing SYS with ORAPWD utility 2.3.4.2
- complexity, guidelines for enforcing A.5
- complexity verification
- about 3.2.5.1
- connecting without 3.5
- CREATE PROFILE statement 3.2.4.1
- danger in storing as clear text A.5
- database user authentication 3.4.1
- default, finding 3.2.4.2
- default profile settings
- about 3.2.4.3
- default user account A.5
- delays for incorrect passwords 3.2.1
- duration A.5
- encrypting 3.2.1, A.5
- examples of creating 3.2.2
- expiring
- failed logins, resetting 3.2.4.7
- grace period, example 3.2.4.14
- guidelines for security A.5
- history 3.2.4.10, A.5
- Java code example to read passwords 8.3.4
- length A.5
- lifetime for 3.2.4.11
- life time set too low 3.2.4.15
- lock time 3.2.4.7
- management rules A.5
- managing 3.2.4
- maximum reuse time 3.2.4.10
- ORAPWD utility 3.2.6.6
- PASSWORD_LOCK_TIME profile parameter 3.2.4.7
- PASSWORD_REUSE_MAX profile parameter 3.2.4.10
- PASSWORD_REUSE_TIME profile parameter 3.2.4.10
- password complexity verification 3.2.5.1
- password file risks 3.3.5
- policies 3.2.4
- privileges for changing for roles 4.8.3.5
- privileges to alter 2.3.1
- protections, built-in 3.2.1
- proxy authentication 3.12.1.13
- requirements
- reusing 3.2.4.10, A.5
- reusing passwords 3.2.4.10
- role password case sensitivity 3.2.6.3
- roles authenticated by passwords 4.8.3.1
- roles enabled by SET ROLE statement 4.8.4.1
- secure external password store 3.2.8.1
- security risks 3.3.5
- SYS account 2.3.4.1
- SYS and SYSTEM A.5
- used in roles 4.8.1.3
- utlpwdmg.sql password script
- password management 3.2.5.1
- verified using SHA-512 hash function 3.2.7.3
- versions, management of 3.2.6.4
- password versions
- PDB_DBA role 4.8.2
- PDB lockdown profiles
- PDBs
- application common users
- about 2.2.1.1
- auditing
- CDB common users
- about 2.2.1.1
- common roles
- common users
- Enterprise Manager
- about 7.1
- creating common roles 7.4.1
- creating common users 7.3.1
- creating local roles 7.4.5
- creating local users 7.3.4
- dropping common roles 7.4.3
- dropping common users 7.3.3
- dropping local roles 7.4.7
- dropping local users 7.3.6
- editing common roles 7.4.2
- editing common users 7.3.2
- editing local roles 7.4.6
- editing local users 7.3.5
- logging in 7.2.1
- revoking common privilege grants 7.4.4
- revoking local privilege grants 7.4.8
- switching to different container 7.2.2
- fine-grained audit policies 22.4.5
- local roles
- local users
- operating system user configuration 3.7.2
- operating system user for, setting 3.7.1
- privileges
- PUBLIC role 4.7.3
- sqlnet.ora settings 3.2.7.3
- transparent sensitive data protection 11.5
- viewing information about 4.6.6.1
- Virtual Private Database policies 10.1.6
- application common users
- performance
- permissions
- PKCS #11 devices 18.4.2.5
- PKCS #11 error
- PKI
- See: public key infrastructure (PKI)
- PL/SQL
- roles in procedures 4.8.1.8
- PL/SQL packages
- PL/SQL procedures
- setting application context 9.3.4.1
- PL/SQL stored procedures
- network access for debugging operations 6.12
- PMON background process
- application contexts, cleaning up 9.3.1
- positional parameters
- security risks 8.3.1.4
- principle of least privilege A.3
- privileges 4.5
- See also: access control list (ACL) and system privileges, privilege captures
- about 4.1
- access control lists, checking for external network services 6.11.1
- altering
- altering role authentication method 4.8.3.5
- applications, managing 8.5
- auditing, recommended settings for A.11.5
- auditing use of 22.2.5.1
- cascading revokes 4.16.3
- column 4.15.2.4
- compiling procedures 4.13.4
- creating or replacing procedures 4.13.3
- creating users 2.2.3
- data links 4.10.6.2
- privilege management 4.10.6.2
- dropping profiles 2.4.4.6
- extended data links 4.10.6.3
- privilege management 4.10.6.3
- granting
- grants, listing 4.20.2
- grouping with roles 4.8
- managing 8.10
- metadata links 4.10.6.1
- middle tier 3.12.1.9
- object 4.10.1, 4.10.3.2, 8.10.2
- granting and revoking 4.10.3.1
- on selected columns 4.16.2.4
- procedures 4.13.1
- READ ANY TABLE system privilege
- READ object privilege 4.10.4.1
- reasons to grant 4.2
- revoking privileges
- revoking system privileges 4.16.1
- roles
- roles, why better to grant 4.2
- schema object 4.10.1
- SELECT system privilege 4.10.4.1
- SQL statements permitted 8.10.2
- synonyms and underlying objects 4.10.5
- system
- SYSTEM and OBJECT A.3
- system privileges
- about 4.5.1
- trigger privileges 5.2
- used for Oracle Virtual Private Database policy functions 10.1.4
- view privileges
- views 4.12
- procedures
- process monitor process (PMON)
- cleans up timed-out sessions 2.4.2.5
- PRODUCT_USER_PROFILE table
- SQL commands, disabling with 4.8.7.2
- profile parameters
- profiles 2.4.4.1
- about 2.4.4.1
- application 2.4.4.4
- assigning to user 2.4.4.5
- CDB 2.4.4.4
- common 2.4.4.4
- creating 2.4.4.3
- dropping 2.4.4.6
- finding information about 2.6.1
- finding settings for default profile 2.6.4
- managing 2.4.4.1
- ora_stig_profile user profile 2.4.4.2
- privileges for dropping 2.4.4.6
- specifying for user 2.2.9
- viewing 2.6.4
- program units
- granting roles to 4.8.5.3
- PROVISIONER role 4.8.2
- PROXY_USERS view 3.12.1.6
- proxy authentication
- about 3.12.1.1
- advantages 3.12.1.2
- auditing operations 3.11
- auditing users 22.2.9
- client-to-middle tier sequence 3.12.1.8
- creating proxy user accounts 3.12.1.3
- middle-tier
- passwords, expired 3.12.1.6
- privileges required for creating users 3.12.1.3
- secure external password store, used with 3.12.1.7
- security benefits 3.12.1.2
- users, passing real identity of 3.12.1.8
- proxy user accounts
- privileges required for creation 3.12.1.3
- pseudo columns
- USER 4.12.2
- PUBLIC_DEFAULT profile
- profiles, dropping 2.4.4.6
- public key infrastructure (PKI) 15.4.3
- about 3.6.2.5
- Public Key Infrastructure (PKI)
- PUBLIC role
R
- RADIUS 15.4.2
- accounting 19.4.4
- asynchronous authentication mode 19.3.2
- authentication modes 19.3
- authentication parameters C.3
- challenge-response
- configuring 19.4.1
- database links not supported 19.1
- initialization parameter file setting C.3.3
- location of secret key 19.4.1.3.1
- minimum parameters to set C.3.2
- smartcards and 15.4.2, 19.3.2.2, 19.4.1.3.2, D.1
- SQLNET.AUTHENTICATION_SERVICES parameter C.3.1.1
- sqlnet.ora file sample B.2
- SQLNET.RADIUS_ALTERNATE_PORT parameter C.3.1.3
- SQLNET.RADIUS_ALTERNATE_RETRIES parameter C.3.1.5
- SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter C.3.1.4
- SQLNET.RADIUS_ALTERNATE parameter C.3.1.2
- SQLNET.RADIUS_AUTHENTICATION_INTERFACE parameter C.3.1.7
- SQLNET.RADIUS_AUTHENTICATION_PORT parameter C.3.1.8
- SQLNET.RADIUS_AUTHENTICATION_RETRIES parameter C.3.1.10
- SQLNET.RADIUS_AUTHENTICATION parameter C.3.1.6
- SQLNET.RADIUS_CHALLENGE_KEYWORD parameter C.3.1.12
- SQLNET.RADIUS_CHALLENGE_RESPONSE parameter C.3.1.11
- SQLNET.RADIUS_CLASSPATH parameter C.3.1.13
- SQLNET.RADIUS_SECRET parameter C.3.1.14
- SQLNET.RADIUS_SEND_ACCOUNTING parameter C.3.1.15
- synchronous authentication mode 19.3.1
- system requirements 15.6
- RADIUS authentication 3.6.2.3
- READ ANY TABLE system privilege
- READ object privilege
- reads
- limits on data blocks 2.4.2.4
- realm (Kerberos) 17.1.2
- REDACT_AUDIT transparent sensitive data protection default policy 11.10.1
- redo log files
- auditing committed and rolled back transactions A.11.2
- REFERENCES privilege
- REMOTE_OS_AUTHENT initialization parameter
- REMOTE_OS_ROLES initialization parameter
- remote authentication A.9.1
- remote debugging
- configuring network access 6.12
- resource limits
- about 2.4.1
- call level, limiting 2.4.2.2
- connection time for each session 2.4.2.5
- CPU time, limiting 2.4.2.3
- determining values for 2.4.3
- idle time in each session 2.4.2.5
- logical reads, limiting 2.4.2.4
- private SGA space for each session 2.4.2.5
- profiles 2.4.4.1
- session level, limiting 2.4.2.1
- sessions
- types 2.4.2
- RESOURCE privilege
- CREATE SCHEMA statement, needed for 8.9.1
- RESOURCE role 4.14.1
- about 4.8.2
- restrictions 15.7
- REVOKE CONNECT THROUGH clause
- revoking proxy authorization 3.12.1.6
- REVOKE statement
- revoking privileges and roles
- ROLE_SYS_PRIVS view
- application privileges 8.6
- ROLE_TAB_PRIVS view
- application privileges, finding 8.6
- role identification
- operating system accounts 4.18.2
- roles 8.7.2.1
- See also: secure application roles
- about 4.1, 4.8.1.1
- ADM_PARALLEL_EXECUTE_TASK role 4.8.2
- ADMIN OPTION and 4.15.1.4
- advantages in application use 8.6
- application 4.8.1.5, 4.8.7, 8.8, 8.10
- application privileges 8.6
- applications, for user 8.8
- AUDIT_ADMIN role 4.8.2
- AUDIT_VIEWER role 4.8.2
- AUTHENTICATEDUSER role 4.8.2
- authorization 4.8.4
- authorized by enterprise directory service 4.8.4.6
- CAPTURE_ADMIN role 4.8.2
- CDB_DBA role 4.8.2
- changing authorization for 4.8.3.5
- changing passwords 4.8.3.5
- common, auditing 22.2.4.1
- common, granting 4.7.9
- CONNECT role
- about 4.8.2
- create your own A.4
- CSW_USR_ROLE role 4.8.2
- CTXAPP role 4.8.2
- CWM_USER role 4.8.2
- database role, users 8.8.1
- DATAPUMP_EXP_FULL_DATABASE role 4.8.2
- DATAPUMP_IMP_FULL_DATABASE role 4.8.2
- DBA role 4.8.2
- DBFS_ROLE role 4.8.2
- DDL statements and 4.8.1.9
- default 4.19.3
- default, setting for user 2.2.11
- definer’s rights procedures disable 4.8.1.8.1
- dependency management in 4.8.1.9
- disabling 4.19.2
- dropping 4.8.6
- EJBCLIENT role 4.8.2
- EM_EXPRESS_ALL role 4.8.2
- EM_EXPRESS_BASIC role 4.8.2
- enabled or disabled 4.8.1.2, 4.8.5.1
- enabling 4.19.2, 8.8
- enterprise 3.8.1, 4.8.4.6
- EXP_FULL_DATABASE role 4.8.2
- functionality 4.2, 4.8.1.2
- functionality of 4.8.1.2
- GATHER_SYSTEM_STATISTICS role 4.8.2
- GLOBAL_AQ_USER_ROLE role 4.8.2
- global authorization 4.8.4.6
- about 4.8.4.6
- global roles
- granted to other roles 4.8.1.2
- granting and revoking to program units 5.7.6
- granting roles
- granting to program units 4.8.5.3
- GRANT statement 4.18.5
- guidelines for security A.4
- HS_ADMIN_EXECUTE_ROLE role 4.8.2
- HS_ADMIN_ROLE role 4.8.2
- HS_ADMIN_SELECT_ROLE role 4.8.2
- IMP_FULL_DATABASE role 4.8.2
- in applications 4.8.1.3
- indirectly granted 4.8.1.2
- invoker’s rights procedures use 4.8.1.8.2
- JAVA_ADMIN role 4.8.2
- JAVA_DEPLOY role 4.8.2
- JAVADEBUGPRIV role 4.8.2
- JAVAIDPRIV role 4.8.2
- JAVASYSPRIV role 4.8.2
- JAVAUSERPRIV role 4.8.2
- JMXSERVER role 4.8.2
- job responsibility privileges only A.4
- LBAC_DBA role 4.8.2
- listing grants 4.20.3
- listing privileges and roles in 4.20.7
- listing roles 4.20.6
- LOGSTDBY_ADMINISTRATOR role 4.8.2
- management using the operating system 4.18.1
- managing roles
- managing through operating system 4.8.1.10
- managing with RADIUS server 19.4.8
- maximum number a user can enable 4.19.4
- multibyte characters in names 4.8.3.1
- multibyte characters in passwords 4.8.4.1
- naming 4.8.1.1
- network authorization 4.8.4.5
- network client authorization 4.8.4.5
- OEM_ADVISOR role 4.8.2
- OEM_MONITOR role 4.8.2
- OLAP_DBA role 4.8.2
- OLAP_USER role 4.8.2
- OLAP_XS_ADMIN role 4.8.2
- One Big Application User, compromised by 8.2.1
- operating system 4.18.2
- operating system authorization 4.8.4.4
- operating-system authorization 4.8.4.3
- operating system granting of 4.18.5
- operating system identification of 4.18.2
- operating system-managed 4.18.3, 4.18.4
- operating system management and the shared server 4.18.6
- OPTIMIZER_PROCESSING_RATE role 4.8.2
- ORDADMIN role 4.8.2
- password case sensitivity 3.2.6.3
- PDB_DBA role 4.8.2
- predefined 4.8.2
- privileges, changing authorization method for 4.8.3.5
- privileges, changing passwords 4.8.3.5
- privileges for creating 4.8.3.1
- privileges for dropping 4.8.6
- PROVISIONER role 4.8.2
- RESOURCE role 4.8.2
- restricting from tool users 4.8.7
- restrictions on privileges of 4.8.1.9
- REVOKE statement 4.18.5
- revoking 4.8.5.1, 4.16.1
- SCHEDULER_ADMIN role 4.8.2
- schemas do not contain 4.8.1.1
- security domains of 4.8.1.7
- SET ROLE statement
- setting in PL/SQL blocks 4.8.1.8.2
- SPATIAL_CSW_ADMIN role 4.8.2
- SPATIAL_WFS_ADMIN role 4.8.2
- unique names for 4.8.3.1
- use of passwords with 4.8.1.3
- user 4.8.1.6, 8.10
- users capable of granting 4.8.5.2
- uses of 4.8.1.2, 4.8.1.4
- WFS_USR_ROLE role 4.8.2
- WITH GRANT OPTION and 4.15.2.2
- without authorization 4.8.3.1
- WM_ADMIN_ROLE role 4.8.2
- XDB_SET_INVOKER roles 4.8.2
- XDB_WEBSERVICES_OVER_HTTP role 4.8.2
- XDB_WEBSERVICES_WITH_PUBLIC role 4.8.2
- XDB_WEBSERVICES role 4.8.2
- XDBADMIN role 4.8.2
- XS_CACHE_ADMIN role 4.8.2
- XS_NSATTR_ADMIN role 4.8.2
- XS_RESOURCE role 4.8.2
- root
- viewing information about 4.6.6.1
- root file paths
- for files and packages outside the database A.3
- row-level security
- See: fine-grained access control, Oracle Virtual Private Database (VPD)
- RSA private key A.9.3
- run-time facilities A.3
- restriction permissions A.3
S
- Sarbanes-Oxley Act
- auditing to meet compliance 21.1
- SCHEDULER_ADMIN role
- about 4.8.2
- schema-independent users 8.9.2
- schema object privileges 4.10.1
- schema objects
- schemas
- SCOTT user account
- restricting privileges of A.4
- SEC_CASE_SENSITIVE_LOGON initialization parameter
- deprecated 3.2.6.1
- SEC_CASE_SENSITIVE_LOGON parameter
- SEC_MAX_FAILED_LOGIN_ATTEMPTS initialization parameter 8.11.3
- SEC_PROTOCOL_ERROR_FURTHER_ACTION initialization parameter 8.11.2
- sec_relevant_cols_opt parameter 10.3.6.5
- SEC_RETURN_SERVER_RELEASE_BANNER initialization parameter 8.11.4
- SEC_USER_AUDIT_ACTION_BANNER initialization parameter 8.11.5
- SEC_USER_UNAUTHORIZED_ACCESS_BANNER initialization parameter 8.11.5
- secconf.sql script
- password settings 3.2.4.5
- secret key
- location in RADIUS 19.4.1.3.1
- secure application roles
- secure external password store
- Secure Sockets Layer (SSL) 15.4.3
- about 3.6.1
- architecture 18.5.1
- AUTHENTICATION parameter C.2.2
- authentication parameters C.2
- authentication process in an Oracle environment 18.3
- certificate key algorithm A.9.3
- cipher suites A.9.3, C.2.4
- client and server parameters C.2.2
- client authentication parameter C.2.6
- client configuration 18.8.2
- combining with other authentication methods 18.5
- configuration files, securing A.9.3
- configuration troubleshooeting 18.10
- configuring 18.8
- configuring for SYSDBA or SYSOPER access 3.3.2.4
- enabling 18.8
- filtering certificates 18.8.2.7
- FIPS library location setting (SSLFIPS_LIB) E.3.1
- FIPS mode setting (SSLFIPS_140) E.3.1
- global users with private schemas 3.8.2.1
- guidelines for security A.9.3
- handshake 18.3
- industry standard protocol 18.1
- listener, administering A.9.2
- mode A.9.3
- multiple certificates, filtering 18.8.2.7
- parameters, ways of configuring C.2.1
- pass phrase A.9.3
- requiring client authentication 18.8.1.5
- RSA private key A.9.3
- Secure Sockets Layer (SSL)
- SSL_CLIENT_AUTHENTICATION C.2.6
- securing SSL connection A.9.3
- server.key file A.9.3
- server configuration 18.8.1
- SQLNET.AUTHENTICATION_SERVICES parameter C.2.2
- sqlnet.ora file sample B.2
- SSL_CIPHER_SUITES parameter C.2.3
- SSL_CLIENT_AUTHENTICATION parameter C.2.6
- SSL_SERVER_CERT_DN C.2.7.2
- SSL_SERVER_DN_MATCH C.2.7.1
- SSL_VERSION parameter C.2.5
- system requirements 15.6
- TCPS A.9.3
- version parameter C.2.5
- wallet location, parameter C.2.8
- ways to configure parameters for C.2
- Secure Sockets Layer on Oracle RAC
- cluster node, testing configuration 18.9.7
- listener.ora 18.9.5
- local_listener startup parameter 18.9.2
- remote client, testing configuration 18.9.8
- restarting instances 18.9.6
- restarting listeners 18.9.6
- sqlnet.ora 18.9.5
- TCPS protocol endpoints 18.9.1
- wallet and certificate creation 18.9.3.2
- wallet creation in nodes 18.9.4
- SecurID 19.3.1.2
- token cards 19.3.1.2
- security A.3
- See also: security risks
- application enforcement of 4.8.1.3
- default user accounts
- domains, enabled roles and 4.8.5.1
- enforcement in application 8.2.2
- enforcement in database 8.2.2
- multibyte characters in role names 4.8.3.1
- multibyte characters in role passwords 4.8.4.1
- passwords 3.4.1
- policies
- procedures enhance 5.2
- products, additional 1.2
- roles, advantages in application use 8.6
- security alerts A.2.1
- security attacks 3.12.1.7
- See also: security risks
- access to server after protocol errors, preventing 8.11.2
- application context values, attempts to change 9.3.3.2
- application design to prevent attacks 8.3
- command line recall attacks 8.3.1.1, 8.3.1.4
- denial of service A.9.2
- denial-of-service
- bad packets, addressing 8.11.1
- denial-of-service attacks through listener A.9.2
- disk flooding, preventing 8.11.1
- eavesdropping A.9.1
- encryption, problems not solved by 12.1.2
- falsified IP addresses A.9.1
- falsified or stolen client system identities A.9.1
- hacked operating systems or applications A.9.1
- intruders 12.1.2
- password cracking 3.2.1
- password protections against 3.2.1
- preventing malicious attacks from clients 8.11
- preventing password theft with proxy authentication and secure external password store 3.12.1.7
- session ID, need for encryption 9.4.7.3.2
- shoulder surfing 8.3.1.4
- SQL injection attacks 8.3.1.2
- unlimited authenticated requests, preventing 8.11.3
- user session output, hiding from intruders 9.3.7
- security domains
- enabled roles and 4.8.1.2
- security patches
- security policies
- See: Oracle Virtual Private Database, policies
- security risks 3.12.1.7
- See also: security attacks
- ad hoc tools 4.8.7.1
- applications enforcing rather than database 8.2.2
- application users not being database users 8.2.1
- bad packets to server 8.11.1
- database version displaying 8.11.4
- encryption keys, users managing 12.2.4.4
- invoker’s rights procedures 5.5.1
- password files 3.3.5
- passwords, exposing in programs or scripts 8.3.1.4
- passwords exposed in large deployments 3.2.8.1
- positional parameters in SQL scripts 8.3.1.4
- privileges carelessly granted 4.5.5
- remote user impersonating another user 4.8.4.5
- sensitive data in audit trail A.11
- server falsifying identities A.9.3
- users with multiple roles 8.8.1
- security settings scripts
- password settings
- secconf.sql 3.2.4.5
- password settings
- Security Sockets Layer (SSL)
- use of term includes TLS 18.1.1
- Security Technical Implementation Guide (STIG)
- SEED encryption algorithm 13.1.5
- SELECT_CATALOG_ROLE role
- SYS schema objects, enabling access to 4.5.2.3
- SELECT ANY DICTIONARY privilege
- SELECT FOR UPDATE statement in Virtual Private Database policies 10.5.2
- SELECT object privilege
- sensitive data, auditing of A.11.4
- separation of duty concepts
- sequences
- auditing 22.2.7.2
- server.key file
- pass phrase to read and parse A.9.3
- SESSION_ROLES data dictionary view
- PUBLIC role 4.5.5
- SESSION_ROLES view
- queried from PL/SQL block 4.8.1.8.1
- sessions
- SET ROLE statement
- SGA
- See: System Global Area (SGA)
- SHA-512 cryptographic hash function
- enabling exclusive mode 3.2.7.3
- Shared Global Area (SGA)
- See: System Global Area (SGA)
- shared server
- shoulder surfing 8.3.1.4
- smartcards 15.4.2
- and RADIUS 15.4.2, 19.3.2.2, 19.4.1.3.2, D.1
- smart cards
- guidelines for security A.5
- SPATIAL_CSW_ADMIN role 4.8.2
- SPATIAL_WFS_ADMIN role 4.8.2
- SQL*Net
- See: Oracle Net Services
- SQL*Plus
- SQL92_SECURITY initialization parameter
- READ object privilege impact 4.10.4.3
- SQL Developer
- debugging using Java Debug Wire Protocol 6.12
- SQL injection attacks 8.3.1.2
- SQLNET.ALLOWED_LOGON_VERSION
- See: SQLNET.ALLOWED_LOGON_VERSION_CLIENT, SQLNET.ALLOWED_LOGON_VERSION_SERVER,
- SQLNET.ALLOWED_LOGON_VERSION_CLIENT
- target databases from earlier releases 3.2.7.4
- SQLNET.ALLOWED_LOGON_VERSION_SERVER
- SQLNET.ALLOWED_LOGON_VERSION_SERVER parameter
- SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter 17.1.6.1
- SQLNET.AUTHENTICATION_SERVICES parameter 17.1.6.1, 18.8.1.6, 18.8.2.6, 18.8.2.6.2, 19.4.1.1, 20.2, 20.3, A.9.3, C.2.2, C.3.1.1
- SQLNET.CRYPTO_CHECKSUM_CLIENT parameter 13.6.3.2, B.3.5
- SQLNET.CRYPTO_CHECKSUM_SERVER parameter 13.6.3.2, B.3.4
- SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter 13.6.3.2, B.3.9
- SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter 13.6.3.2, B.3.8
- SQLNET.ENCRYPTION_CLIENT parameter 13.6.3.1, 20.2, B.3.3
- SQLNET.ENCRYPTION_SERVER parameter 13.6.3.1, 20.2, B.3.2
- SQLNET.ENCRYPTION_TYPES_CLIENT parameter 13.6.3.1, B.3.7
- SQLNET.ENCRYPTION_TYPES_SERVER parameter 13.6.3.1, B.3.6
- SQLNET.KERBEROS5_CC_NAME parameter 17.1.6.3
- SQLNET.KERBEROS5_CLOCKSKEW parameter 17.1.6.3
- SQLNET.KERBEROS5_CONF parameter 17.1.6.3
- SQLNET.KERBEROS5_REALMS parameter 17.1.6.3
- sqlnet.ora file
- Common sample B.2
- FIPS 140-2
- Kerberos sample B.2
- Oracle Advanced Security checksum sample B.2
- Oracle Advanced Security encryption sample B.2
- Oracle wallet setting C.2.8
- OSS.SOURCE.MY_WALLET parameter 18.8.1.2, 18.8.2.3
- parameters for clients and servers using Kerberos C.1
- parameters for clients and servers using RADIUS C.3
- parameters for clients and servers using SSL C.2
- PDBs 3.2.7.3
- RADIUS sample B.2
- sample B.2
- SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter 17.1.6.1
- SQLNET.AUTHENTICATION_SERVICES parameter 17.1.6.1, 18.8.1.6, 18.8.2.6, 18.8.2.6.2, 20.2, 20.3, A.9.3
- SQLNET.CRYPTO_CHECKSUM_CLIENT parameter 13.6.3.2
- SQLNET.CRYPTO_CHECKSUM_SERVER parameter 13.6.3.2
- SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter 13.6.3.2, B.3.9
- SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter 13.6.3.2, B.3.8
- SQLNET.ENCRYPTION_CLIEN parameter 20.2
- SQLNET.ENCRYPTION_CLIENT parameter B.3.3
- SQLNET.ENCRYPTION_SERVER parameter 13.6.3.1, 20.2, B.3.2
- SQLNET.ENCRYPTION_TYPES_CLIENT parameter 13.6.3.1
- SQLNET.ENCRYPTION_TYPES_SERVER parameter 13.6.3.1
- SQLNET.KERBEROS5_CC_NAME parameter 17.1.6.3
- SQLNET.KERBEROS5_CLOCKSKEW parameter 17.1.6.3
- SQLNET.KERBEROS5_CONF parameter 17.1.6.3
- SQLNET.KERBEROS5_REALMS parameter 17.1.6.3
- SQLNET.SSL_EXTENDED_KEY_USAGE 18.8.2.7
- SSL_CLIENT_AUTHENTICATION parameter 18.8.1.5
- SSL_CLIENT_AUTHETNICATION parameter 18.8.2.3
- SSL_VERSION parameter 18.8.1.4, 18.8.2.5
- SSL sample B.2
- Trace File Set Up sample B.2
- SQLNET.RADIUS_ALTERNATE_PORT parameter 19.4.1.3.3, C.3.1.3
- SQLNET.RADIUS_ALTERNATE_RETRIES parameter 19.4.1.3.3, C.3.1.5
- SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter 19.4.1.3.3, C.3.1.4
- SQLNET.RADIUS_ALTERNATE parameter 19.4.1.3.3, C.3.1.2
- SQLNET.RADIUS_AUTHENTICATION_INTERFACE parameter C.3.1.7
- SQLNET.RADIUS_AUTHENTICATION_PORT parameter C.3.1.8
- SQLNET.RADIUS_AUTHENTICATION_RETRIES parameter C.3.1.10
- SQLNET.RADIUS_AUTHENTICATION_TIMEOUT parameter C.3.1.9
- SQLNET.RADIUS_AUTHENTICATION parameter C.3.1.6
- SQLNET.RADIUS_CHALLENGE_KEYWORDparameter C.3.1.12
- SQLNET.RADIUS_CHALLENGE_RESPONSE parameter C.3.1.11
- SQLNET.RADIUS_CLASSPATH parameter C.3.1.13
- SQLNET.RADIUS_SECRET parameter C.3.1.14
- SQLNET.RADIUS_SEND_ACCOUNTING parameter 19.4.4.1, C.3.1.15
- SQLNET.SSL_EXTENDED_KEY_USAGE parameter 18.8.2.7
- SQL statements
- SQL statements, top-level in unified audit policies 22.2.19.1
- SSL
- See: Secure Sockets Layer (SSL)
- SSL_CIPHER_SUITES parameter C.2.3
- SSL_CLIENT_AUTHENTICATION parameter 18.8.1.5, 18.8.2.3
- SSL_SERVER_CERT_DN parameter C.2.7.2
- SSL_SERVER_DN_MATCH parameter C.2.7.1
- SSL_VERSION parameter 18.8.1.4, 18.8.2.5, C.2.5
- standard auditing
- standard audit trail
- records, purging 23.2.1
- statement_types parameter of DBMS_RLS.ADD_POLICY procedure 10.3.4
- storage
- stored procedures
- using privileges granted to PUBLIC role 4.17
- strong authentication
- symbolic links
- restricting A.6
- synchronous authentication mode, RADIUS 19.3.1
- synonyms
- SYS_CONTEXT function
- SYS_DEFAULT Oracle Virtual Private Database policy group 10.3.7.3
- SYS_SESSION_ROLES namespace 9.3.4.1
- SYS.AUD$ table
- archiving 23.2.2
- SYS.FGA_LOG$ table
- archiving 23.2.2
- SYS account
- SYS and SYSTEM
- passwords A.5
- SYS and SYSTEM accounts
- auditing 22.2.22.1
- SYSASM privilege
- password file 3.3.4
- SYSBACKUP privilege
- SYSDBA privilege 4.4.3
- SYSDG privilege
- SYSKM privilege
- SYSMAN user account A.5
- SYS objects
- auditing 22.2.7.4
- SYSOPER privilege 4.4.3
- SYSRAC privilege
- operations supported 4.4.7
- SYS schema
- objects, access to 4.5.2.3
- System Global Area (SGA)
- system privileges A.3
- system requirements
- SYS user
- auditing example 22.2.5.5
T
- table encryption
- transparent sensitive data protection policy settings 11.15.2
- tables
- tablespaces
- TCPS protocol
- TELNET service A.9.2
- TFTP service A.9.2
- thin JDBC support 14.1
- TLS See Secure Sockets Layer (SSL) 18.1.1
- token cards 15.4.2, A.5
- trace file
- set up sample for sqlnet.ora file B.2
- trace files
- Transparent Data Encryption
- Transparent Data Encryption (TDE)
- TSDP with TDE column encryption 11.15.1
- transparent sensitive data protection (TSDP
- unified auditing
- general steps 11.13.1
- unified auditing
- transparent sensitive data protection (TSDP)
- about 11.1
- altering policies 11.7
- benefits 11.1
- bind variables
- creating policies 11.6
- disabling policies 11.8
- disabling REDACT_AUDIT policy 11.10.4
- dropping policies 11.9
- enabling REDACT_AUDIT policy 11.10.5
- finding information about 11.16
- fine-grained auditing
- general steps 11.14.1
- general steps 11.2
- PDBs 11.5
- privileges required 11.4
- REDACT_AUDIT policy 11.10.1
- sensitive columns in INSERT or UPDATE operations 11.10.2.4
- sensitive columns in same SELECT query 11.10.2.3
- sensitive columns in views 11.10.3
- TDE column encryption
- unified auditing:settings used 11.13.2
- use cases 11.3
- Virtual Private Database
- transparent sensitive data protection (TSDP);
- fine-grained auditing
- settings used 11.14.2
- fine-grained auditing
- transparent tablespace encryption
- about 12.2.4.5
- Transport Layer Security
- compared with native network encryption 13.1.7
- Transport Layer Security (SSL)
- compared to SSL 18.1.1
- Transport Layer Security (TLS)
- application containers 18.1.2
- triggers
- troubleshooting 17.6, 17.6.3
- trusted procedure
- database session-based application contexts 9.1.2
- tsnames.ora configuration file A.9.3
- tutorials 9.3.9
- See also: examples
- application context, database session-based 9.3.9
- auditing
- definer’s rights, database links 5.8.8.1
- external network services, using email alert 22.4.8.1
- global application context with client session ID 9.4.8.1
- invoker’s rights procedure using CBAC 5.7.7
- nondatabase users
- Oracle Virtual Private Database
- TSDP with VPD 11.12.3
- types
U
- UDP and TCP ports
- close for ALL disabled services A.9.2
- UGA
- See: User Global Area (UGA)
- UNIFIED_AUDIT_TRAIL data dictionary view
- best practices for using A.11.6
- unified auditing
- unified audit policies
- unified audit policies, administrative users
- unified audit policies, altering
- unified audit policies, application containers
- example 22.2.20.6
- unified audit policies, CDBs
- unified audit policies, conditions
- unified audit policies, disabling
- unified audit policies, enabling
- unified audit policies, object actions
- unified audit policies, Oracle Database Real Application Security
- unified audit policies, Oracle Database Vault
- about 22.2.14.1
- appearance in audit trail 22.2.14.17
- attributes to audit 22.2.14.3
- configuring 22.2.14.12
- data dictionary views 22.2.14.2
- example of auditing factors 22.2.14.16
- example of auditing realm 22.2.14.13
- example of auditing rule set 22.2.14.14
- example of auditing two events 22.2.14.15
- how events appear in audit trail 22.2.14.17
- unified audit policies, Oracle Data Miner
- about 22.2.16.1
- unified audit policies, Oracle Data Mining
- unified audit policies, Oracle Data Pump
- unified audit policies, Oracle Label Security
- unified audit policies, Oracle Recovery Manager
- unified audit policies, Oracle SQL*Loader
- unified audit policies, privileges
- unified audit policies, roles
- unified audit policies, top-level statements 22.2.19.1
- unified audit session ID, finding 22.2.10.7
- unified audit trail
- unified audit trail, object actions
- unified audit trail, Oracle Data Mining
- examples 22.2.16.4
- unified audit trail, top-level statements 22.2.19.3
- unified audit trial
- Oracle Database Real Application Security ALL audit events 22.2.12.6
- Oracle Database Real Application Security security class and ACL audit events 22.2.12.4
- Oracle Database Real Application Security session audit events 22.2.12.5
- Oracle Database Real Application Security user, privilege, and role audit events 22.2.12.3
- Oracle Database Vault command rule events 22.2.14.6
- Oracle Database Vault Data Pump events 22.2.14.10
- Oracle Database Vault enable and disable events 22.2.14.11
- Oracle Database Vault factor events 22.2.14.7
- Oracle Database Vault OLS events 22.2.14.9
- Oracle Database Vault realm events 22.2.14.4
- Oracle Database Vault rule set and rule events 22.2.14.5
- Oracle Database Vault secure application role events 22.2.14.8
- Oracle Data Mining audit events 22.2.16.2
- Oracle Data Pump audit events 22.2.17.2
- Oracle Label Security audit events 22.2.15.2
- Oracle Label Security user session label events 22.2.15.3
- Oracle Recovery Manager audit events 22.2.13.2
- Oracle SQL*Loader Direct Load Path audit events 22.2.18.2
- unified audting
- TSDP policies and 11.13.1
- UNLIMITED TABLESPACE privilege 2.2.7.4
- UPDATE privilege
- revoking 4.16.2.4
- user accounts
- administrative user passwords A.5
- application common user
- about 2.2.1.1
- CDB common user
- about 2.2.1.1
- common
- creating 2.2.10.1
- default user account A.5
- local
- creating 2.2.10.3
- local user
- about 2.2.1.3
- password guidelines A.5
- passwords, encrypted A.5
- privileges required to create 2.2.2
- proxy users 3.12.1.3
- USERENV function 12.3
- used in views 5.6.1
- USERENV namespace 3.12.2.4
- See also: CLIENT_IDENTIFIER USERENV attribute
- about 9.3.4.2
- User Global Area (UGA)
- application contexts, storing in 9.1.3
- user names
- schemas 8.9
- user privileges
- CDBs 4.3
- USER pseudo column 4.12.2
- users
- administrative option (ADMIN OPTION) 4.15.1.4
- altering 2.3.1
- altering common users 2.3.2
- altering local users 2.3.2
- application users not known to database 3.12.2.1
- assigning unlimited quotas for 2.2.7.4
- auditing 22.2.22.1
- database role, current 8.8.1
- default roles, changing 2.2.11
- default tablespaces 2.2.6.1
- dropping 2.5.1, 2.5.3
- dropping profiles and 2.4.4.6
- dropping roles and 4.8.6
- enabling roles for 8.8
- enterprise 3.8.1, 4.8.4.6
- enterprise, shared schema protection 8.9.2
- external authentication
- finding information about 2.6.1
- finding information about authentication 3.13
- global 3.8.1
- assigning profiles 2.4.4.5
- hosts, connecting to multiple
- See external network services, fine-grained access to 6.1
- information about, viewing 2.6.2
- listing roles granted to 4.20.3
- memory use, viewing 2.6.5
- names
- network authentication, external 3.9.6
- nondatabase 9.4.2, 9.4.6.7
- objects after dropping 2.5.1
- operating system external authentication 3.9.5
- password encryption 3.2.1
- privileges
- profiles
- profiles, CDB or application 2.4.4.4
- proxy authentication 3.12.1.1
- proxy users, connecting as 3.12.1.1
- PUBLIC role 4.8.1.7, 4.17
- quota limits for tablespace 2.2.7.3
- restricting application roles 4.8.7
- restrictions on user names 2.2.4.1
- roles and 4.8.1.3
- for types of users 4.8.1.6
- schema-independent 8.9.2
- schemas, private 3.8.2.1
- security, about 2.1
- security domains of 4.8.1.7
- tablespace quotas 2.2.7.1
- tablespace quotas, viewing 2.6.3
- user accounts, creating 2.2.3
- user models and Oracle Virtual Private Database 10.5.9
- user name, specifying with CREATE USER statement 2.2.4.2
- views for finding information about 2.6
- user sessions, multiple within single database connection 3.12.1.8
- utlpwdmg.sql
- about 3.2.5.1
V
- valid node checking A.9.2
- views
- about 4.12
- access control list data
- application contexts 9.6
- audited activities 22.5
- auditing 22.2.7.2
- audit management settings 23.4
- audit trail usage 22.5
- authentication 3.13
- bind variables in TSDP sensitive columns 11.10.3
- DBA_COL_PRIVS 4.20.4
- DBA_HOST_ACES 6.13
- DBA_HOST_ACLS 6.13
- DBA_ROLE_PRIVS 4.20.3
- DBA_ROLES 4.20.6
- DBA_SYS_PRIVS 4.20.2
- DBA_TAB_PRIVS 4.20.4
- DBA_USERS_WITH_DEFPWD 3.2.4.2
- DBA_WALLET_ACES 6.13
- DBA_WALLET_ACLS 6.13
- definer’s rights 5.6.1
- encrypted data 12.6
- invoker’s rights 5.6.1
- Oracle Virtual Private Database policies 10.6
- privileges 4.12
- profiles 2.6.1
- ROLE_SYS_PRIVS 4.20.7
- ROLE_TAB_PRIVS 4.20.7
- security applications of 4.12.2
- SESSION_PRIVS 4.20.5
- SESSION_ROLES 4.20.5
- transparent sensitive data protection 11.16
- USER_HOST_ACES 6.13
- USER_WALLET_ACES 6.13
- users 2.6.1
- Virtual Private Database
- See: Oracle Virtual Private Database
- VPD
- See: Oracle Virtual Private Database
- vulnerable run-time call A.3
- made more secure A.3
W
- Wallet Manager
- See: Oracle Wallet Manager
- wallets 6.2, 18.4.2.4
- See also: access control lists (ACL), wallet access
- authentication method 3.6.2.5
- Web applications
- Web-based applications
- Oracle Virtual Private Database, how it works with 10.5.9
- WFS_USR_ROLE role 4.8.2
- WHEN OTHERS exceptions
- logon triggers, used in 9.3.7
- Windows native authentication 3.3.3
- WITH GRANT OPTION clause
- WM_ADMIN_ROLE role 4.8.2